Go crypto: bridging the performance gap

It is no secret that we at CloudFlare love Go. We use it, and we use it a LOT. There are many things to love about Go, but what I personally find appealing is the ability to write assembly code!

CC BY 2.0 image by Jon Curnow

That is probably not the first thing that pops to your mind when you think of Go, but yes, it does allow you to write code "close to the metal" if you need the performance!

Another thing we do a lot in CloudFlare is... cryptography. To keep your data safe we encrypt everything. And everything in CloudFlare is a LOT.

Unfortunately the built-in cryptography libraries in Go do not perform nearly as well as state-of-the-art implementations such as OpenSSL. That is not acceptable at CloudFlare's scale, therefore we created assembly implementations of Elliptic Curves and AES-GCM for Go on the amd64 architecture, supporting the AES and CLMUL NI to bring performance up to par with the OpenSSL implementation we use for Universal SSL.

We have been using those improved implementations for a while, and attempting to make them part of the official Go build for the good of the community. For now Continue reading

ARP Processing in Layer-3-Only Networks

John Jackson wrote an interesting comment on my Rearchitecting L3-Only Networks blog post:

What the host has configured for its default gateway doesn't really matter, correct? Because the default gateway in traditional L2 access networks really isn't about the gateway's IP address, but the gateway's MAC address. The destination IP address in the packet header is always the end destination IP address, never the default gateway.

He totally got the idea, however there are a few minor details to consider.

Read more ...

Another Uber office in China faces government scrutiny

Chinese authorities visited an Uber office in the country on Wednesday, just a week after another company office faced a local police raid over its ride-hailing service.Local authorities came to Uber’s office in the Chinese city of Chengdu, Uber confirmed in en email. But the visit was “routine,” it added.“There are no disruptions to the Uber platform, and it’s business as usual,” the company said.Chengdu authorities have opened an investigation against Uber, but its office has not been closed, according to local media. Uber did not elaborate, and Chengdu’s Transportation Committee could not be immediately reached for comment.The visit follows a police raid of an Uber office in the Chinese city of Guangzhou, reportedly for letting private drivers use the ride-hailing service without proper qualifications.To read this article in full or to leave a comment, please click here

Another Uber office in China faces government scrutiny

Chinese authorities visited an Uber office in the country on Wednesday, just a week after another company office faced a local police raid over its ride-hailing service.Local authorities came to Uber’s office in the Chinese city of Chengdu, Uber confirmed in en email. But the visit was “routine,” it added.“There are no disruptions to the Uber platform, and it’s business as usual,” the company said.Chengdu authorities have opened an investigation against Uber, but its office has not been closed, according to local media. Uber did not elaborate, and Chengdu’s Transportation Committee could not be immediately reached for comment.The visit follows a police raid of an Uber office in the Chinese city of Guangzhou, reportedly for letting private drivers use the ride-hailing service without proper qualifications.To read this article in full or to leave a comment, please click here

Companies are falling behind on securing their SAP environments

More than 95 percent of SAP systems deployed in enterprises are exposed to vulnerabilities that could lead to a full compromise of business data, a security firm claims.Onapsis, a Boston-based company that specializes in SAP security audits, also found that the average time-to-patch for SAP vulnerabilities is more than 18 months—12 months for SAP to issue fixes and 6 months for companies to deploy them.This suggests that many companies are falling behind on SAP security, even though these systems hold some of their most critical and confidential information.To read this article in full or to leave a comment, please click here

Attackers exploit vulnerabilities in two WordPress plugins

A vulnerability within two widely used WordPress plugins is already being exploited by hackers, putting millions of WordPress sites at risk, according to a computer security firm.The plugins are JetPack, a customization and performance tool, and Twenty Fifteen, used for infinite scrolling, wrote David Dede, a malware researcher with Sucuri. WordPress installs Twenty Fifteen by default, which increases the number of vulnerable sites.Both plugins use a package called genericons, which contains vector icons embedded in a font. In the package, there is an insecure file called “example.html” which makes the package vulnerable, Dede wrote.To read this article in full or to leave a comment, please click here

NETCONF and the ncclient

NETCONF is an industry standard (IETF) network management protocol. It’s actually been around for quite awhile and supported by numerous vendors. While NETCONF is not always compatible across network switch platforms, it’s the closest thing I can see that could be a unified multi-vendor API. Of course, there are also vendor extensions for those device-specific features too.

I’m not going to get too much into what NETCONF is because Matt Oswalt has already done that. Check out his post if you haven’t already done so. There are also plenty of other good resources on NETCONF out there.

What I am going to focus on in this post is using Python to interact with NETCONF-enabled network switches.

Let’s get to it.

First, you’ll want to install the ncclient. It is pretty much the de facto Python library to use when you need a NETCONF client to communicate with a NETCONF server, i.e. a network device.

sudo pip install ncclient

This will also install a few other required dependencies such as paramiko and lxml along with the client itself.

The next thing you are going to need is at least one switch (or device) that supports NETCONF. In this post, I’m Continue reading

Intel increases its hiring among women, minorities

Intel is becoming a little more diverse, just several months after announcing an ambitious plan to add more women and minority workers to its ranks.Since January, roughly 17 percent of Intel’s senior hires were historically under-represented minorities—about double the rate last year. Intel also doubled its senior hiring among women to 33 percent, CEO Brian Krzanich said on Wednesday.More broadly, roughly 41 percent of Intel’s hires for the year so far have been “diverse,” he said, without specifying further. That’s up from about 30 percent a year ago, Krzanich said. He gave the figures during a talk at the Push Tech 2020 Summit in San Francisco, an event focused on diversity issues in the technology industry.To read this article in full or to leave a comment, please click here

A Quick Introduction to LXD

With the recent release of Ubuntu 15.04, aka “Vivid Vervet”, the Ubuntu community has also unveiled an early release of LXD (pronounced “lex-dee”), a new project aimed at revitalizing the use of LXC and LXC-based containers in the face of application container efforts such as Docker and rkt. In this post, I’ll provide a quick introduction to LXD.

To make it easier to follow along with some of the examples of using LXD, I’ve created an lxd directory in my GitHub “learning-tools” repository. In that directory, you’ll find a Vagrantfile that will allow you to quickly and easily spin up one or more VMs with LXD.

Relationship between LXD and LXC

LXD works in conjunction with LXC and is not designed to replace or supplant LXC. Instead, it’s intended to make LXC-based containers easier to use through the addition of a back-end daemon supporting a REST API and a straightforward CLI client that works with both the local daemon and remote daemons via the REST API. You can get more information about LXD via the LXD web site. Also, if you’re unfamiliar with LXC, check out this brief introduction to LXC. Once you’ve read that, you can browse some Continue reading

Interpreting and Graphing Aruba ARM Counters

Guest post by Mike Albano

The topic of "do you trust RRM" is often discussed. The most typical answer is: "Yes, if I understand it." I know I've personally spent numerous hours blaming RRM for a questionable Dynamic Channel Assignment (DCA), and I'm usually wrong.

For the purpose of this post, RRM = Radio Resource Management; be it ARM (Aruba), RRM (Cisco), ACSP (Aerohive), SmartRF (Extreme) etc. etc.

This post isn't about the topic of "trust", or if to use RRM. Here's a good post by @wirednot on that topic. (Read the comments!)

This is more about:

  • Finding a way to interpret and use the data available to identify if/when an AP will change channels (DCA).
  • Analyzing the state of the channel, from the AP's perspective, before & after a channel change.
  • Showing an example of tools I use regularly in troubleshooting (Python and AirRecorder).

The system in question is an Aruba Instant AP (Instant OS version 6.3.1.8-4.0.0.9).

Data Gathering

Typically, I use Pexpect for screen-scraping CLI output but Aruba has written a handy utility to do this for you. It's called Air Recorder, and is multi-platform (Java.) Will run on Continue reading

AMD’s Zen chips to square off against Intel’s Skylake next year

AMD’s recent chips haven’t rocked Intel’s PC market dominance, but new chips based on the company’s Zen architecture could change the narrative next year.The company on Wednesday shared initial details about the new FX and seventh-generation A-series chips, which will be in desktops and laptops next year. The chips are based on Zen, the brainchild of Jim Keller, a leading iPad and iPhone chip designer at Apple until AMD hired him on 2012.The new AMD chips will battle Intel’s highly anticipated chips code-named Skylake, which will start appearing in tablets, laptops and desktops starting later this year. Intel has called Skylake its most significant chip family of last decade, designed to bring many wireless charging and data transfer features to laptops.To read this article in full or to leave a comment, please click here

How workflow capabilities benefit continuous delivery environments

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Wikipedia defines workflow as “an orchestrated and repeatable pattern of business activity enabled by the systematic organization of resources into processes” - processesthat make things or just generally get work done. Manufacturers can thank workflows for revolutionizing the production of everything from cars to chocolate bars. Management wonks have built careers on applying workflow theories like Lean and TQM to their business processes.

To read this article in full or to leave a comment, please click here

With IoT projects come financial benefits, but also security risks

Internet of Things projects can yield data and insights that help companies operate more efficiently and improve products, but also give hackers additional targets to attack.Expect more malware like Stuxnet, a worm that went after Siemens industrial control systems and mostly infected computers in Iran, said Alan Tait, CTO of Stream Technologies, a London company with technology that enables machine-to-machine communication.“As we connect more things to any form of the Internet, even if there’s security, people will still go after them,” he said.Tait, along with other speakers on different panels, appeared at the LiveWorx conference in Boston on Wednesday to discuss how companies are handling IoT security issues and finding value in linking devices to the Internet.To read this article in full or to leave a comment, please click here

Debunking the myths dogging the hybrid cloud

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Many companies face the dilemma of how to get the most out of legacy IT equipment and applications while taking advantage of the latest cloud advances to keep their company competitive and nimble.

A hybrid approach to IT infrastructure enables internal IT groups to support legacy systems with the flexibility to optimize service delivery and performance thru third-party providers. Reconciling resources leads to improved business agility, more rapid delivery of services, exposure to innovative technologies, and increased network availability and business uptime, without having to make the budget case for CAPEX investment.

To read this article in full or to leave a comment, please click here

Hurray! AMD vows to compete in the high-end PC market again, from CPUs to GPUs

AMD has been forced to pick its battles, wary of going toe-to-toe with Intel and its mighty manufacturing machine. But AMD chief executive Lisa Su said Wednesday that it’s time for AMD to re-enter the ring and again commit to high-end, premium products.Su said that AMD plans to launch a new high-performance “Zen” core next year that will be marketed as the AMD FX CPU—AMD’s traditional brand for the high-end gaming market. AMD also plans to add cutting-edge high-bandwidth memory to its forthcoming Radeon graphics products, and address new, emerging markets such as the virtual reality space. Su also said she aggressively plans to go after the data center—not a space consumers may care about, but a high-margin business that Intel has used as a profit center for decades.To read this article in full or to leave a comment, please click here

AMD slims PC chip lineup, hopes to return to profitability by year end

AMD hasn’t been competitive in the chip market over the last few years thanks to some poor decisions, but the company is simplifying its product lineup for PCs while getting into some newer, hotter product areas in hopes of reaching consistent profitability by the end of this year.On Tuesday, AMD CEO Lisa Su provided details on the company’s plan to reverse its sagging fortunes. The company will accelerate its move from PCs in an attempt to be a more diversified company that embraces graphics—where it already has a big presence—and other markets such as the Internet of Things, servers and custom chips.AMD still wants to make gains in the PC market, but is also hoping to increase market share in the graphics and custom chip market in 2016, Su said.To read this article in full or to leave a comment, please click here

1 3,468 3,469 3,470 3,471 3,472 3,809